How to use the command 'nettop' (with examples)
- Osx
- December 17, 2024
Nettop is a powerful command-line utility used on macOS systems for real-time network interface monitoring. It offers detailed insights into the network activity of the system, displaying information about ongoing connections, data traffic, and general network usage. By presenting data in a dynamic and up-to-date fashion, nettop serves system administrators, developers, and curious users alike by providing them with essential network performance insights.
Monitor TCP and UDP sockets from all interfaces
Code:
nettop
Motivation: Monitoring TCP and UDP sockets across all network interfaces is crucial for understanding the overall network activity of a system. This use case provides a comprehensive view of all internet traffic, making it valuable for detecting unusual activity, analyzing network performance, or troubleshooting connection issues.
Explanation:
nettop: Running nettop without specific parameters defaults to displaying all TCP and UDP socket activity across all network interfaces on the system.
Example output:
tcp4 192.168.1.2:12345 destination.com:80 ESTABLISHED
udp4 192.168.1.2:54321 239.255.255.250:1900 ESTABLISHED
...
Monitor TCP sockets from Loopback interfaces
Code:
nettop -m tcp -t loopback
Motivation: Focusing on TCP sockets on loopback interfaces is typically used during development and debugging. This particular view helps developers monitor processes communicating within the same machine, such as server-client applications.
Explanation:
-m tcp: Filters the output to only display TCP protocol connections.
-t loopback: Targets connections that are using the loopback interface, which is generally used for local machine interactions.
Example output:
tcp4 127.0.0.1:8080 127.0.0.1:9000 ESTABLISHED
tcp4 127.0.0.1:60340 127.0.0.1:60341 ESTABLISHED
...
Monitor a specific process
Code:
nettop -p "process_id|process_name"
Motivation: Sometimes, you need to isolate the network activity pertaining to a single process, especially when suspecting a specific application of generating unusual traffic or diagnosing its performance. This targeted approach aids in precise monitoring and debugging.
Explanation:
-p "process_id|process_name": Allows the user to specify either a process ID or a process name, filtering network activity to just that process.
Example output:
process_name (PID 1234) tcp4 192.168.1.2:44523 server.example.com:443 ESTABLISHED
...
Display a per-process summary
Code:
nettop -P
Motivation: A per-process summary succinctly provides a snapshot of the network activity, organized by each running process. It is vital for quickly understanding which applications are using the network most extensively, aiding in resource management and diagnostics.
Explanation:
-P: This flag modifies the output to display network data consolidated by each process, offering a high-level view of network usage.
Example output:
Chrome Sent: 543KB Received: 1.2MB
Docker Sent: 1MB Received: 800KB
...
Print 10 samples of network information
Code:
nettop -l 10
Motivation: In scenarios where continuous monitoring is unnecessary or when system resources should be conserved, collecting a fixed number of network data samples provides enough insight into the network status without prolonged activity.
Explanation:
-l 10: Limits the output to 10 snapshots or samples of the current network information.
Example output:
Sample 1:
tcp4 192.168.1.5:50200 example.com:443 ESTABLISHED
...
Sample 10:
udp4 192.168.1.5:50201 server.example.com:8080 ESTABLISHED
...
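The per-process summary and fixed-sample modes above can feed a script when a ranked list is more useful than a live screen. The following is an added example, not part of the original page: it assumes nettop's CSV logging flags (-L for CSV samples, -J to select columns) emit a header row followed by rows of the form name.pid,bytes_in,bytes_out, and it runs on constructed sample rows; sample_csv and top_talkers are hypothetical helper names.

```shell
#!/bin/sh
# Added example: rank processes by bytes sent, from per-process CSV samples.
# Assumed input shape (what `nettop -P -L 1 -J bytes_in,bytes_out` is
# expected to print on macOS):
#   ,bytes_in,bytes_out,
#   <process name>.<pid>,<bytes_in>,<bytes_out>,

# Constructed sample rows, so the parser can be exercised without nettop.
sample_csv() {
cat <<'EOF'
,bytes_in,bytes_out,
kernel_task.0,0,0,
Google Chrome H.612,1258291,556032,
com.docker.backend.2290,819200,1048576,
mDNSResponder.301,4096,2048,
EOF
}

# top_talkers MIN_BYTES_OUT
# Reads the CSV on stdin and prints "bytes_out bytes_in pid name" for every
# process at or above the threshold, largest sender first.
top_talkers() {
  awk -F',' -v min="${1:-0}" '
    NR == 1 { next }              # skip the header row
    NF < 3  { next }              # skip blank or truncated rows
    $3 !~ /^[0-9]+$/ { next }     # skip rows whose byte counter is not numeric
    {
      # Process names may contain dots and spaces; the PID follows the LAST dot.
      dot = match($1, /\.[0-9]+$/)
      if (dot == 0) next
      name = substr($1, 1, dot - 1)
      pid  = substr($1, dot + 1)
      if ($3 + 0 >= min + 0) printf "%d %d %s %s\n", $3, $2, pid, name
    }' | sort -k1,1nr
}

# Demo on the constructed rows: processes that sent at least 1000 bytes.
sample_csv | top_talkers 1000
```

On macOS, pipe the real command into the function in place of sample_csv, for example: nettop -P -L 1 -J bytes_in,bytes_out | top_talkers 1000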
Monitor changes every 5 seconds
Code:
nettop -d -s 5
Motivation: Monitoring network activity with periodic updates is crucial for observing changes over time, which is essential for detecting fluctuations in traffic patterns, diagnosing performance issues, or recognizing security threats.
Explanation:
-d: Enables delta mode, showing changes since the last sample.
-s 5: Sets the update interval to 5 seconds, allowing for real-time monitoring at specified intervals.
Example output:
[After 5 seconds]
tcp4 192.168.1.6:50123 app.server.com:80 ESTABLISHED (change: +100KB)
...
While running nettop, list interactive commands
Code:
h
Motivation: Understanding and utilizing interactive commands can enhance the user’s ability to efficiently navigate and interact with nettop while it runs. This can be particularly useful for tailoring the displayed data to meet specific needs without restarting the session.
Explanation:
h: While nettop is running, pressing ‘h’ will display a list of interactive commands available during the session, assisting the user to modify views or toggle information on the fly.
Example output:
Interactive commands:
p - sort by process
d - toggle delta mode
...
Display help
Code:
nettop -h
Motivation: Accessing help documentation directly from the command line allows users to quickly reference the available options and usage instructions, providing a convenient way to learn more about nettop’s capabilities without needing an external resource.
Explanation:
-h: Displays the help menu, listing details about nettop’s flags and options.
Example output:
Usage: nettop [options]
Options:
-m, --monitor mode
...
Conclusion
Nettop remains an essential tool for anyone needing in-depth analysis of network activity on a macOS system. Whether you’re monitoring all traffic, focusing on specific processes, or customizing the view of your data, each use case of nettop provides unique insights tailored to specific user needs. Understanding each of these applications not only enhances your ability to diagnose and optimize network performance but also empowers you to manage your system’s resources effectively.